<?php
//include Header
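$path = $_SERVER['DOCUMENT_ROOT'];
include("$path/header.php");

// Order detail page for administrators ("beheerder").
//
// Flow: require a logged-in session, look up the admin flag for the current
// customer, then render the order identified by the request parameter "bn"
// together with its order lines and the order total.
//
// $server (the database link) and the session are not set up in this file;
// presumably header.php provides both -- confirm.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The
// integer casts below close the injection path without changing the database
// API; when the connection code is migrated, switch these queries to
// prepared statements (mysqli or PDO).

if(isset($_SESSION['sessionid'])){
	// Never concatenate raw session or request data into SQL: force both
	// identifiers to integers before they reach the query text.
	$klantnummer = isset($_SESSION['klantnummer']) ? (int) $_SESSION['klantnummer'] : 0;
	// $_REQUEST merges GET, POST and (depending on request_order) cookies, so
	// "bn" is fully attacker-controlled.
	$bn = isset($_REQUEST['bn']) ? (int) $_REQUEST['bn'] : 0;

	$result = mysql_query("select beheerder from klanten where klantnummer = " . $klantnummer . ";",$server);
	// Fail closed: a failed lookup leaves the admin flag at 0.
	$beheerder = 0;
	if($result !== false){
		while($row = mysql_fetch_array($result)){
			$beheerder = $row['beheerder'];
		}
	}
	if($beheerder == 1){
		$result = mysql_query("select * from bestellingen,bestelstatus where bestellingen.bestellingsnummer = " . $bn . " and bestellingen.statusnummer = bestelstatus.statusnummer;",$server);
		$num_rows = ($result !== false) ? mysql_num_rows($result) : 0;
		if($num_rows > 0){
			// The heading previously read $row, which is false at this point
			// (the admin lookup loop has already run to completion), so the
			// order number was never shown. $bn is the number just matched.
			echo "
			<center>
				<h1>
					Bestelling " . $bn . "
				</h1>
				<table border=\"1\" id=\"bestellingsinfo\" width=\"30%\">
					<thead>
						<tr>
						</tr>
					</thead>
					<tfoot>
						<tr>
						</tr>
					</tfoot>
					<tbody>";
			while($row = mysql_fetch_array($result)){
				// Database values are HTML-escaped on output. The charset
				// argument is left at the PHP default because the page
				// encoding is not visible in this file.
				echo"
						<tr>
							<td>
								Bestelnummer:
							</td>
							<td>
								" . htmlspecialchars($row['bestellingsnummer'], ENT_QUOTES) . "
							</td>
						</tr>
						<tr>
							<td>
								Besteldatum:
							</td>
							<td>
								" . htmlspecialchars($row['besteldatum'], ENT_QUOTES) . "
							</td>
						</tr>
						<tr>
							<td>
								afleverdatum:
							</td>
							<td>
								" . htmlspecialchars($row['afleverdatum'], ENT_QUOTES) . "
							</td>
						</tr>
						<tr>
							<td>
								Status:
							</td>
							<td>
								" . htmlspecialchars($row['statusnaam'], ENT_QUOTES) . "
							</td>
						</tr>
					";
			}
			echo"
					</tbody>
				</table>
				<h1>
					Producten
				</h1>
				<table border=\"1\" id=\"productTable\" width=\"70%\">
					<thead>
						<tr>
						</tr>
					</thead>
					<tfoot>
						<tr>
						</tr>
					</tfoot>
					<tbody>";
			$result = mysql_query("select * from producten,bestelregel where producten.productnummer = bestelregel.productnummer and bestelregel.bestellingsnummer = " . $bn . "",$server);
			// Total is accumulated in the same unit as prijs and divided by
			// 100 only for display.
			$totaalprijs = 0;
			while($result !== false && ($row = mysql_fetch_array($result))){
				// Escape once per context: HTML attribute/text vs. URL query.
				$productAttr = htmlspecialchars($row['productnummer'], ENT_QUOTES);
				$productUrl = urlencode($row['productnummer']);
				$aantalAttr = htmlspecialchars($row['aantal'], ENT_QUOTES);
				$imageAttr = htmlspecialchars($row['image'], ENT_QUOTES);
				$naamHtml = htmlspecialchars($row['productnaam'], ENT_QUOTES);

				// NOTE(review): neither form carries an anti-CSRF token in
				// this file; confirm that delete.php and process.php verify
				// one (or add it), since both change order state via POST.
				echo "
						<tr>
							<td>
								<form action=\"delete.php\" method=\"post\"> 
									<input type=\"hidden\" name=\"bestellingsnummer\" value=\"" . $bn . "\" />
									<input type=\"hidden\" name=\"productnummer\" value=\"" . $productAttr . "\" />
									<input type=\"image\" src=\"/images/remove.jpg\"> 
								</form> 
							</td>
							<td>
								<form action=\"process.php\" method=\"post\"> 
									<input size=\"1\" type=\"text\" value=\"" . $aantalAttr . "\" name=\"aantal\">
									<input type=\"hidden\" name=\"bestellingsnummer\" value=\"" . $bn . "\" />
									<input type=\"hidden\" name=\"productnummer\" value=\"" . $productAttr . "\" />
									<input type=\"image\" src=\"/images/change.jpg\"> 
								</form> 
							</td>
							<td>
								<a href=\"product.php?id=" . $productUrl . "\"><img src=\"/images/producten/thumb_" . $imageAttr . "\" /></a>
							</td>
							<td>
								<a href=\"product.php?id=" . $productUrl . "\">" . $naamHtml . "</a>
							</td>
							<td>
								&euro;" .sprintf("%01.2f", ($row['prijs']/100)) . "
							</td>
							<td width=\"150\">
								&euro;" .sprintf("%01.2f", ($row['aantal'] * $row['prijs']) / 100) . "
							</td>
						</tr>
					";
				$totaalprijs += ($row['aantal'] * $row['prijs']); 
			}
			echo"
						<tr>
							<td>
							</td>
							<td>
							</td>
							<td>
							</td>
							<td>
							</td>
							<td>
							</td>
							<td>
								<font color=red><h3>&euro;" .sprintf("%01.2f", $totaalprijs / 100) . "</h3></font>
							</td>
						</tr>
					</tbody>
				</table>
			</center>";
		}
	} else {
		echo "<h1>Onvoldoende rechten</h1>";
	}
} else {
	echo "<h1>Niet ingelogd</h1>";
}

//include footer
include("$path/footer.php");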

?>